Emerson Process Management has released a patch for SQL Injection vulnerability in its AMS Device Manager application.

Emerson AMS Device Manager is a software used worldwide primarily in the oil and gas and chemical industries.

The Advisory (ICSA-15-111-01) released on the ICS-CERT website quoted that the vulnerability is not exploitable remotely and cannot be exploited without user interaction. It also stated that an attacker’s access to the vulnerability is of medium difficulty level.

"Successful attack results in administrative access to the application and its data files but not to the underlying computer system." The advisory reads.

The vulnerability affects AMS Device Manager, V12.5 and earlier.

Emerson advises the users of this application to take some steps to avoid exploitation to this vulnerability.

For AMS Device Manager application v12.5; it suggests the users to apply a patch, upgrade to v13, or apply the workaround below. For the earlier versions, the software can be configured by adding another user with full administrative privileges and making the default administrative user have read-only privileges.

ICS-CERT also recommends the users to limit user privileges on ICS running software machines, reduce network exposure for all control system device, locate control system networks and remote devices behind firewalls, and isolate them from the business network.

S ecurity researcher Brian Krebs has discovered a new Botnet that tests websites for vulnerabilities using the infected machines.

The malware disguise itself as a legitimate Firefox add on called "Microsoft .NET Framework Assistant" is apparently using the infected machines to find SQL Injection vulnerability in any website visited by the victim.

Once the malware determine the list of vulnerable website, the cyber criminals behind the botnet will be able to exploit the vulnerability to inject malicious codes in the websites. So, it will probably help the attacker to increase the number of infected websites and systems.

Advanced Power test SQL Injection vulnerability

The malware also capable of stealing sensitive information. However, the feature is not appeared to be activated on infected systems.

Alex Holden, chief information security officer at Hold Security LLC, analyzed the malware and believes the malware authors are from Czech Republic, based on the text string available in the threat.

Researcher says more than 12,500 systems have been infected by this malware and helped to discover at least 1,800 web pages vulnerable to SQL Injection.

Update:
In an email, a Mozilla spokesperson told EHN that "they have disabled the fraudulent 'Microsoft .NET Framework Assistant' add-on used by 'Advanced Power' as part of its attack. You should always be careful with anything you download. It's a good idea to use many layers of protection, including antivirus software to stop malware."

Tesla Team, one of the hacker group from Serbia has claimed to have breached the Vevo website(Vevo.com).

Vevo is a joint venture music video website owned and operated by Universal Music Group, Google, Sony Music Entertainment, and Abu Dhabi Media.

The team has discovered a SQL Injection vulnerability in one of the sub-domains of Vevo website that allowed hackers to compromise their database.

In a pastebin leak(pastebin.com/TAjce91x), the group leaked a vulnerable link as well as a proof of concept that exploits the vulnerability. The dump of the database is claimed to have containing emails and password of admins and other users.

It appears some one with username "JoinSeventh" in HackForums has already published the vulnerability details in 2012.

The most popular open source electronic medical records (OpenEMR) is said to have multiple vulnerabilities by the Trustwave SpiderLabs.

It reported that with a guest access, mixed with some application issues the user was able to compromise with the server running OpenEMR and it even served as a dock for attacking the internal networks.

"By browsing to this page and dumping in junk in either the start or end date parameters", he saw the SQL error message saying "ERROR: query failed: select * from forms where form_name = 'New Patient Encounter' and date between 'a'' and '2013-07-12' order by date DESC"

It also claimed to dump most of the database contents and important datas of patients as well as numerous usernames and passwords." I let my GPU box chew on the password hashes for a bit, and kept poking at the application." (the blog says)

OpenEMR is also reported to have HTML injection/XSS on an 'Office Notes' page. The user was even able to beguile the user visiting the page to attempt authentication with his system, which was hosting a fake SMB server with static challenges:

Image Credits: SpiderLabs

"This allowed me to capture a handful of domain usernames and password hashes. In addition, I had some luck cracking the OpenEMR password hashes from earlier, and some of the passwords were re-used locally on the Linux system hosting OpenEMR, allowing me access via SSH."(SpiderLabs reports)

The OpenEMR has been informed of it and they have patched the vulnerabilities in the latest 4.1.1 patch.

The hacker Reckz0r who recently breached the CNN website has identified a Post based SQL injection vulnerability in Twitter support page.

'Referrer' parameter in the api_general form located at the support.twitter.com is vulnerable to SQLi.

Although the vulnerability allow hacker to extract confidential data from Twitter, hacker didn't do involve in any malicious activities because he don't want his account to get suspended.

The screenshot provided by the hacker:

" vulnerability lies in http://support.twitter.com/forms/submitted?regarding=api_general - You see, there might be dozens of vulnerabilities lying in support.twitter.com. We can inject hidden boxes in this kind of atmosphere. " hacker said.

These security breaches are going to be next examples for the Government careless about the cyber security. The hacker @WilyXem found two more Army websites are vulnerable to SQL Injection.

Brazilian Navy and Pakistan Army websites are found to be affected by the SQL Injection vulnerability. The hacker tweeted few links that contains the proof-of-concepts(http://sprunge.us/ZUHM, sprunge.us/ZdKY, sprunge.us/CJGO)

The vulnerability exists in the Board of Historic & Documentation Navy(biblioteca.dphdm.mar.mil.br), Department of Distance Education(ead.densm.mar.mil.br) and Pakistan Army(www.pakistanarmy.gov.pk).

The POCs exposes the target database details including database name, database version and table details.

The same hacker yesterday hacked into the Royal Thai Navy website and leaked the login information from the database.

It seems that 2013 is the "Data Leakage Year"!many customers information and confidential data has been published on the internet coming from government institutions, famous vendors, and companies too.

Ebrahim Hegazy(@Zigoo0) an Egyptian information security advisor who found a high severity vulnerability in "Avira license daemon" days ago, is on the news again, but this time for finding and reporting Blind SQL Injection vulnerability in one of Yahoo! E-marketing applications.SQL Injection vulnerabilities is ranked as Critical vulnerabilities, because if used by Hackers it will cause a database breach which will lead to confidential information leakage.

A time based blind SQL Injection web vulnerability is detected in the official Yahoo! TW YSM Marketing Application Service.The vulnerability allows remote attackers to inject own sql commands to breach the database of that vulnerable application and get access to the users data.

The SQL Injection vulnerability is located in the index.php file of the soeasy module when processing to request manipulatedscId parameters. By manipulation of the scId parameter the attackers can inject own sql commands to compromise the webserverapplication dbms.

The vulnerability can be exploited by remote attackers without privileged application user account and without requireduser interaction. Successful exploitation of the sql injection vulnerability results in application and applicationservice dbms compromise.

But Ebrahim is a white hat hacker, so he reported the vulnerability to the Yahoo! security team with recommendations on how to patch the vulnerability.

More details about the vulnerability could be found here:
http://www.resecure.me/public/Yahoo-TW-YSM-BSQLI.txt

As most of readers know that Yahoo! don't have a bug bounty program or Hall of fame too, so as a reward from Yahoo! to the researchers who find a vulnerabilities in Yahoo! applications, they do award researchers by sending them a T-shirts with Yahoo! logo and some other tokens.the researcher told us that he received a package sent to him by Yahoo! which contains 2 T-shirts and a big cup as a reward.

As part of their ongoing operation against United States known as "#opBlackSummer", the Tunisian Cyber Army(TCA) and Al-Qaeda Electronic Army(AQEA) has breached the websites belong to US Telecommunication companies.

The hacker group has identified three SQL Injection vulnerabilities in AT&T sub-domains and one SQLi in Verizon website. The hackers provided the vulnerable links to EHN.

The hackers also attacked the the official website for the U.S. Small Business Administration(sba.gov), Merrimack County Savings Bank(mcsbnh.com), State Bank of Park Rapids(statebankofparkrapids.com).

The team exploited the vulnerabilities and compromised information such as User IDs, security question answers, passwords, addresses and email addresses.

XSS in FBI website

Speaking to EHN, the TCA said they exploited the xss vulnerability in FBI website by requesting the admin to open the crafted fbi site link. The hacker claimed that they got temporary access to their computer and downloaded some files about crimes and report.

At EHN, we can't assure that hackers claims about the data compromise are true but the vulnerability links provided by the hackers are valid one.

Then he told the reason behind the attacks that "Pakistan is a country which is currently supporting terrorist activities through ISI, and if they regret Pakistan army and Ministry of Defense mail server backups are enough to proof how closely the are related to terrorism. Pakistan stop these activities before its too late."

The attack seems to be done via SQL injection.

He finally noted that "No matter how hard you try we will get inside in no time." Speaking to EHN the hacker said "Admins and Governments takes website security lightly thinking that they are hosted outside gets treated through your inside network. Thats enough to get inside your network"

A hacker with online handle QuisterTow has claimed to have identified a critical SQL Injection vulnerability in Agoco website(agoco.com.ly) - Arabian Gulf Oil Company based in Benghazi, Libya, engaged in crude oil and natural gas exploration, production and refining.

The hacker exploit this vulnerability and managed to dump the database from the server. He has leaked the login credentials from the database along with the database details.

The leak(pastebin.com/8HLiDqVt ) contains usernames and passwords of admin and few users. The password used by admin is very weak one and leaked in plain-text format.

The hacker also provided the vulnerable link along with the proof-of-concept to exploit this SQL injection vulnerability that lists the username &password information.

Ravi Kariya, a Security Analyst from Cyber Octet Pvt. Ltd (facebook.com/cyberoctet) has discovered critical vulnerabilities in the official website (divyadutta.co.in) of famous Indian Actress Divya Dutta.

There are two SQL Injection vulnerability in the website. One of the vulnerabilities resides in the Press Clips page of the site(divyadutta.co.in/pressclipdetail.asp?id=7). A malicious hacker can exploit this vulnerability and extract the database .

The other one is more critical one , it allows hackers to bypass authentication of the Login . A malicious hacker can login into the website as admin(divyadutta.co.in/admin/) . This can be done by injecting the crafted password that will modify the sql query such that it allows hacker to login.

There is also Cross site scripting vulnerability in the contact us page(divyadutta.co.in/contact.asp ) . Injecting the follow code in the fields and clicking the submit button executes the injected code:

"><script>alert('My Love For Divya Dutta')</script>

Ravi tried to contact the Divya dutta via email and Twitter but she fails to respond for his query. It seems like that She doesn't realize the severity level of this security flaw. A BlackHat hacker is able to deface the site with these vulnerabilities.

I think she will respond after some blackhats attack the site, what do you think guys?

*Update*
After E hacking news published news about the vulnerability, the admin pulled down the divya dutta site. Now the site displays the following error message:

"Directory Listing Denied.This Virtual Directory does not allow contents to be listed."

Recently, we reported that the hackers defaced Top level Domains of Turkmenistan including Google, Gmail, youtube, by exploiting the vulnerability in NIC.tm. Today they have discovered vulnerability in another NIC website.

NIC websites are considered to be most important part of every country on the internet . A network information center (NIC), is the part of the Domain Name System (DNS) of the Internet that keeps the database of domain names, and generates the zone files which convert domain names to IP addresses.

Each NIC is an organization that manages the registration of Domain names within the top-level domains for which it is responsible, controls the policies of domain name allocation, and technically operates its top-level domain.

"any unauthorized access can make a disaster to compromised country ." The hackers said " for example changing all governments website’s DNS to hacker DNS and grab all high-level man of country credentials."

Hackers compromised data from the database and dumped data. They claimed that they reported to nic but there is no response from security team.

An Information Security Expert Narendra Bhati has discovered a critical SQL Injection vulnerability in the Punjab and Sind Bank website(psbindia.com).

Punjab & Sind Bank (P&SB) is a major Public Sector bank in Northern India. Of its more than 1100 branches and offices spread throughout India, almost 450 are in Punjab state, though the bank's corporate headquarters is in New Delhi.

The researcher provided the vulnerable link in an email sent to EHN. As i considered the vulnerability is highly critical one, i am not going to provide the vulnerable link here.

The researcher provided the poc code that allows attackers to extract the username, hashed password, address details stored in the Bank Database.

The researcher also found that the same link is vulnerable to Cross site scripting (XSS) injection. It allows hackers to inject iframe and execute in the site.

The Tunisian Hacker, Human Mind Cracker, has claimed to have discovered SQL Injection vulnerability in Top Bangladesh Government websites.

In an email sent to E Hacking News, hacker mentioned that he found SQLi in three Government sites.

Affected Government sites are the official site of Bangladesh Railway(railway.gov.bd) , National Institute of Mass Communication of Bangladesh(NIMC.gov.bd) and Jiban Bima Corporation(JBC.gov.bd).

Hacker managed to breach the database server belong to National Institute of Mass Communication and leaked the stolen data in Hey paste it (heypasteit.com/clip/0NUH)

The database dump contains database table name, name of users, hashed passwords. It contains more than 650+ entries of user data.

The hacker claims that the Bangladesh Gov websites are not secure at all . As far as i know, not only Bangladesh but also other countries government sites are vulnerable. More than 90% Government websites are vulnerable.

One of the Algerian Banks , Crédit populaire d'Algérie (CPA) Bank is found to be vulnerable to SQL Injection vulnerability. This critical vulnerability was discovered by a Grey-hat Tunisian Hacker "Human Mind Cracker" who usually targets Bank and Government sites.

In an email sent to EHN, the hacker provided the vulnerable link of the site(cpa-bank.dz).

" I reported to them the vulnerability before I hack into the database,2 days without reply or anything...After that I find that the email that they put it in the website for contact is INVALID mail.So I get into the database." The hacker said.

Sony France website(sony.fr) found to be vulnerable to SQL Injection vulnerability that allows hackers to compromise the data. The vulnerability was identified by a hacker from xl3gi0n hackers group.

Sony Corporation commonly referred to as Sony, is a Japanese multinational conglomerate corporation headquartered in Kōnan Minato, Tokyo, Japan. Its diversified business is primarily focused on the electronics, game, entertainment and financial services sectors.

The vulnerability has been discovered in the Sony Computer Science Laboratory (csl.sony.fr). The Vulnerable link provided by the hackers:

A Grey Hat Hacker with online handle "Human Mind cracker" has discovered SQL Injection vulnerability in some Tunisian Bank websites. Central Bank of Tunisia(bct.gov.tn) and Bank of Tunisia and the UAE (bte.com.tn) are vulnerable to SQLi .

In an email sent to EHN , hacker provided us the vulnerable link and the Proof-of-Concept(POC). As he recommend us not to publish the vulnerable , we are not providing the link here.

According to hacker, he reported the vulnerability to them but they didn't fix the vulnerability so he hacked into the database.

He has published some database information compromised from the server that includes database name and few username.

Also, he has discovered Cross site scripting (XSS) vulnerability in Central Bank of Tunisia,atb.com.tn and Banque de Tunisie(bt.com.tn).

SQL Injection is one of the most critical vulnerability, as attacker can extract the entire database by exploiting it. Banks should really buff up their security measures ,as cyber criminals mainly target Financial institution.